Wednesday, September 15, 2010

My main motivation for starting this blog was because I was exceptionally annoyed at a virus that had infiltrated my machine. I've never spent this much time in trying to fix a single problem--more than 15 hours of my time...and my computer's been on for about two weeks straight running virus scans. I can only imagine what kind of bill you'd get from Geek Squad for this kind of service.

I've never succumbed to a virus so badly that there was data loss...but this time it came close.

Symantec anitivirus...its the only antivirus protection I have on my home PC. About half the time, I have it turned off as it really thrashes the hard drive.

I use Outlook to aggregate my mail. I love not having to log in to three different websites to see my new messages.

I hate how Outlook automatically runs scripts within email. Especially now that it's helpfully deployed a few different trojans on my machine. It started with popup windows appearing all over the place a week ago.

SuperAntiSpyware nor MalwareBytes were able to detect anything wrong. And I didn't want to bother the good folks who inspect HiJackThis logs.

Enter UBCD4Win. I've used this several times over the last few years to get me out of windows-cannot-boot jams. And now, I use it to boot into a clean environment, start up MalwareBytes Anti-Malware, update the definitions, and scan the drive. It fixes a few things, but upon booting back up, Windows is still atrociously slow.

Back into UBCD4Win...now, I use a McAfee cleaner (Stinger?) which finds a few viruses, and removes them.

Back to Windows, which boots, shows the "Loading user profile" momentarily, before showing the "saving user profile" message (essentially a login and logout). Uh-oh, looks like the overzealous virus cleaner wiped out a few files (or didn't fix the registry redirects put in place by the virus)

Thought I'd try the in-place upgrade of Windows XP with a WinXPSP3 CD I made using nLite a few years back. The CD didn't give me an option to repair, so it started installing instead. Scared that it had actually reformatted the drive without me knowing (the default nLite settings will do this), I cancelled out. Fortunately, it only created a new Windows.0 directory instead of reformatting. Phew.

Back to UBCD4Win, so that I can use a web browser to find out this log in/log out behaviour is because of an invalid entry in the registry for winlogon.exe . Not being able to find the registry editor in UBCD4Win, I took a chance that wininit.exe was not working, and copied it from D's XP Home installation.

Yay, now I can log in. However, most of my apps would crash, including IE6 (on startup), Chrome (after a few minutes), and Firefox (which seemed to be hijacked still, based on the google search results redirections). The system is basically at a SP3 level, so I'm missing quite a few critical security updates, and also experience told me that running all the updates usually fixed up some key system files in the process and got the apps to work again. Not wanting to get hit with another virus, my first priority was to get Windows Updates to pull in all updates. However, IE6 would crash upon starting (and hence Windows Update disabled). Alternative browsers weren't an option either as Windows Updates won't work with them. I downloaded IE8. Incidentally, that step also fixed the problem where Services.msc wouldn't show anything in the Extended tab.

Windows update still not working, due to a more common issue with BITS not started, but going to the Dependencies tab yielded "Interface: class not registered" error.

Initial google searches directed me towards the little-known "sfc /runnow" command, which attempts to restore ones files back to their original condition. Problem was that it asked me for the WinXP CD, and it would neither accept the original CD nor the nLite SP3 CD. A more manual approach was needed.

Error 1083: The executable program that this service is configured to run in does not implement the service.

I reregistered some more files, and was finally able to get all the Windows Updates to run, and got the computer running smoothly for the first time in a week.

Still suspicious that there was a virus somewhere (Google results were still redirecting), I did a complete scan with Symantec Antivirus, which picked up a few. I also ran Windows Onecare Safety Scanner, which I've good experience with in cleaning out stuff Symantec couldn't find. While the quick-scan was clean, the complete scan would show 6 items found. Unfortunately, the complete scan would never finish, and I'd never be able to clean out those files--it would loop inside the c:\windows\installer for nearly a day (before I cancelled the scan).

I updated MalwareBytes and SuperAntiSpyware once again, and ran a quickscan on each. MalwareBytes picked up the virus, while SuperAntiSpyware missed it. After deleting the virus, and rebooting, I did one final scan (just yesterday) and can now confidently say (after about 2 weeks of dealing with this) that I'm finally clean. There are still a few lingering issues on the system, most likely to do with certain DLLs needing to be reregistered, but for the most part, the system is back to normal.

Saturday, September 11, 2010

The free antivirus tool from MS started complaining about this copy of Windows XP home not being geniune, despite the standalone tool from MS's website stating the contrary. Eventually, the antivirus's 30-day free period expired, and her computer got infected. I spent about an hour in total researching how to fix it and trying various solutions and finally found this:

Friday, September 10, 2010

Technology is bliss...when it works. When it doesn't, hours are wasted googling error messages and filenames. Its now a necessary evil in our lives. As someone who works in tech, and has grown up with it, I am amazed how much of our electronics will not work out of the box. Skimpy manuals devote pages to warning you not to immerse their parts in water, but will barely tell you anything beyond how to turn it on. And good luck if it doesn't work. The troubleshooting portion of the guide is as useful as a brick in a glass house. "Item will not turn on: Resolution: make sure it is plugged in".

As I spend a great deal of time troubleshooting all sorts of things, I figured I should document it, so that maybe it might help someone else googling for the answers.